Secure terminal

ABSTRACT

A secure terminal for the aerial transport of passengers whose technical and operational infrastructure makes it possible to ensure the physical security of the building, of the aircraft, of the goods, of the passengers and of the flight, technical and administrative personnel and the confidentiality of the passengers and of their goods, noteworthy in that it comprises at least one building having a globally V-shaped horizontal section and comprising two branches extending from a mid-zone, constituting parking hangars for aircraft and determining between them an uncovered central zone.

TECHNICAL FIELD

The present invention relates to an airport terminal aiming to resolvethe problem of passenger security in view of their boarding on board atransport means of the aircraft type.

BACKGROUND

In the field of aerial transport, terrorist activities currentlyrepresent a considerable danger and it appears essential for passengersecurity to succeed in forbidding access to transport means and/orinstead of boarding of any unauthorised person with bad intentions.

A real demand is today emerging from users of aerial transport toincrease the security level during boarding and during the transportitself, in order to avoid a possible drop in the frequentation of thistype of transport, which would have considerable damaging financialrepercussions on airlines.

Systems are already known, which aim to make it possible for theindividual control of access to an airport; this is the case, forexample, in English patent GB 2 382 907 relating to a system for theindividual control of access to an airport comprising a card containinginformation such as, for example, biometric characteristics which couldbe read by an access control machine which compares them to informationtaken in real time on the user in order to authorise (or not) access tothe user. The access card can moreover comprise, the characteristics ofthe status of the user (passenger, employee, hierarchical level), whichdetermines the places of which access is authorised within the airport.

However, the current configuration of boarding places in a transportmeans, in particular of the aeroplane type, is such that the placeswhere an access control is necessary are remote from one another,disseminated within the same global space destined for boarding; thismultiplicity of control places consequently multiplies the risks ofintrusion of unauthorised persons accessing there, or which would riskdamaging the security of those persons on the transport, namelypassengers, and administrative, technical and flight personnel.

SUMMARY

The aim of the present invention is to propose a secure airport terminalof which the technical and operational infrastructure makes it possible,on the one hand, to ensure a maximum security level to protect thephysical integrity of the building constituting said terminal, aircraft,land vehicles, and passengers and flight, technical and administrativepersonnel, and, on the other hand, to propose secure parking andaircraft preparation zones in view of making the aircraft operationalfor a new departure. Moreover, to the security ensured by saidinfrastructure, is also added the notion of person confidentiality(passengers, crew, clients, etc.), aircraft, personal vehicles andmovements associated with these 3 categories.

According to the invention, a secure terminal is therefore proposed forthe aerial transport of passengers, of which the technical andoperational infrastructure makes it possible to ensure the physicalsecurity of the building, aircraft, goods, passengers and flight,technical and administrative personnel and confidentiality of passengersand their goods, said secure terminal being noteworthy in that itcomprises at least one building having a globally V-shaped horizontalsection and comprising two branches extending from a mid-zone,constituting parking hangars for aircraft and determining between theman uncovered central zone, called “ramp”, arranged to make it possiblefor the handling and parking of aircraft, the ramp being physicallyisolated from the exterior environment of the terminal secured by abarrier, named “shield”, joining the free ends of the branches and thustransforming the building/ramp assembly into a secure enclosure, theshield also participating in safeguarding the confidentiality ofboarding, disembarking and loading, unloading movements of the aircraftparked on the ramp.

The portion of the ramp arranged in the immediate proximity of themid-zone is preferably covered and constitutes the boarding zone likelyto receive at least one aircraft and making it possible for theboarding/disembarking of passengers, crew and clients and theloading/unloading of goods and loads out of bad weather or sunshine andin particular, out of invasive outside views.

Said portion of the ramp advantageously comprises a rotating platformcapable of receiving an aircraft and of making it pivot by around 180degrees to position the cockpit in the direction of the shield. Inaddition, the internal façade of the boarding zone is reinforced toresist the mechanical and thermal stresses caused by the thrust of saidreactors of an aircraft.

Advantageously, the secure terminal comprises an autonomous orsemi-autonomous defrosting device making it possible for the defrostingand application of defrosting products on aircraft located on the ramp,in order to make them operational for a new departure, said defrostingdevice being directly controllable by a worker on the ground or directlyby the pilot in command of the aircraft in question.

According to a preferred embodiment, the defrosting device is astabilised, suspended system composed of a distribution tank equippedwith one or more buses, mobile along a cable tense between the branchesof the building of the secure terminal, said distribution tank/cableassembly being mobile, along a direction substantially perpendicular tosaid cable using two winding trolleys, each capable of being moved alongthe upper edge of one of the internal façades of the branches of thebuilding.

The distribution tank is preferably capable of being moved verticallywith respect to the cable using an extendible device.

To ensure the security, the secure terminal is organised into zones ofdifferent security levels, the latter being at least as follows:

-   -   HC ZONE: zones relating to placements outside of the control of        the secure terminal,    -   SCi ZONES: zones relating to placements outside and/or inside of        the secure terminal under the control of said secure terminal,    -   FO ZONE: zones relating to placements reserved for law        enforcement agencies and not accessible to passengers,

during the passage from one zone to another, specific security ruleswill be applied according to the entity which transits, said securityrules being implemented by different means and equipment.

The secure terminal advantageously comprises a CCTV system to make itpossible to monitor all of the SCi zones, the images produced by saidvideo surveillance system being stored on the secure servers of saidvideo surveillance system and transmitted in real time to a securitycontrol station (CS) of the secure terminal with secure and controlledaccess, said images transmitted to the CS being with an automaticmasking of faces other than those of employees of the secure terminal.

Said video surveillance system preferably comprises fixed cameras andpanoramic cameras, said cameras being high-definition cameras and usingthe Internet protocol to transmit, in an encrypted manner, images andcontrol signals to video servers through a dedicated optical fibre oranalogue internal communication network.

The video surveillance system furthermore has a system for detectingmovement and facial recognition and a thermal camera network.

Preferably, the secure terminal comprises configurable transit shieldsat the level of the passage of one SCi zone to another, and severalX-ray scanners used at least as follows:

-   -   a scanner dedicated to checked-in luggage and placed at the        level of the shield of vehicle arrivals;    -   a scanner made available to law enforcement agencies at the        level of the main access to aircraft, whether for arrivals or        departures;    -   a scanner dedicated to hand luggage and placed at the level of        the shield of pedestrian arrivals;    -   a scanner dedicated to goods, both for passengers and for the        terminal;    -   a scanner dedicated to the entry of personnel with metal        detection gate.

In addition, the secure terminal advantageously comprises a system formanaging containers making it possible to route, in secure containers,goods and/or luggage, in order to guarantee the integrity of the contentthereof from the departure point thereof to the arrival point thereof,these secure containers having an electronic lock functioning based oncodes with at least six figures needing to be entered on the keypad ofthe container(s), a unique closing code and a unique opening code beingassociated with each flight of an aircraft, such that once a containeris closed, it can no longer be opened and, once opened, it can no longerbe closed, except for express request from the authorities.

The secure terminal is preferably configured to guarantee the securitylinked to the personnel thereof, the latter being ensured by at leastthe following equipment and procedures:

-   -   a specific recruitment procedure;    -   an access lock for the entry of personnel with systematic        passage through security gates;    -   a biometric authentication for controlling access to workspaces;    -   a limitation of personal items which could be present in the        internal zones of the secure terminal;    -   a limitation of communication means with the exterior;    -   a unique secure and personalised badge to each employee required        for any movement in the secure terminal.

Preferably, said badge is activated by inserting a unique secure andpersonalised chip card and the entering by the employee of theirpersonal identification code, said chip card only being able to beprogrammed in the presence of the Human Resources Director and theSecurity Director of the secure terminal and containing at least thefollowing encrypted data:

-   -   the digital images of the face (in colour, in black and white        and in infrared) of the employee;    -   the fingerprints of the fingers of both hands;    -   the vein prints of both hands;    -   the standard identity information of the employee: surname,        forename, role, duration of employment contact at least.

Finally, to ensure the security of aircraft from the time when they areon the ramp, the secure terminal comprises non-intrusive security meanswhich require no equipment inside or on the aircraft, these securitymeans comprising at least one video surveillance device, a device forthe perimetric detection and controlling of appliances used mainly inhangars and on the ramp.

BRIEF DESCRIPTION OF THE FIGURES

Other advantages and characteristics will best emerge from the followingdescription of a method of executing a secure terminal according to theinvention, in reference to the appended figures, wherein:

FIG. 1 is an exterior top view of a secure terminal according to theinvention;

FIG. 2 is a partially interior top view of the secure terminal of FIG.1;

FIG. 3 is an exterior top view of a variant of the secure terminal ofFIG. 1;

FIG. 4 is a perspective, partially top view of the secure terminal ofFIG. 1;

FIG. 5 is a perspective, partially top view of the secure terminal ofFIG. 1 according to another viewpoint.

DETAILED DESCRIPTION

In reference to FIGS. 1 to 3, the invention relates to a secure terminal1 for the aerial transport of passengers, mainly businesspersons, ofwhich the technical and operational infrastructure makes it possible toensure the physical security of the building, aircraft, passengers andflight, technical and administrative personnel.

Said secure terminal 1 comprises at least one building 2 having aglobally V-shaped horizontal section and comprising two branches 3extending from a mid-zone 4.

Each branch 3 constitutes parking hangars 5 for aircraft 6 making itpossible to park the latter after a flight while awaiting a newdeparture or for upkeep or maintenance operations.

The two branches 3 of the building 2 determine between them, anuncovered central zone 7, called “ramp”, which makes it possible for thehandling, the operations and the parking of aircraft. The ramp 7 isphysically isolated from the exterior environment of the secure terminal1 by a barrier 8 of a significant height of several metres, named“shield”, joining the free ends of the branches 3 and thus transformingthe building 2/ramp 7 assembly into a truly secure enclosure. The shield8 also participates in preserving the confidentiality of boarding,disembarking and loading, unloading movements of aircraft parked on theramp 7.

Generally, the term “shield” here means a physical barrier (or not)having to be crossed by persons, equipment or goods/luggage to pass fromone zone to another.

Said ramp 7 thus makes it possible to receive several aircraft 6 eitherto carry out passenger boarding/disembarking operations, or to make itpossible for them to join the parking hangars 5. This configuration isparticularly useful, as no aircraft, land vehicle, or individual canenter onto the ramp 7 without being authorised to do so.

Moreover, the portion of the ramp 7 arranged in the immediate proximityof the intersection of two branches 3 is covered and constitutes theboarding zone 9. In the latter likely to receive aircraft 6, passengers,crew and clients can board or disembark and goods and loads can beloaded/unloaded out of bad weather or sunshine and in particular, out ofinvasive outside views.

Moreover, to make it possible to also reduce the time necessary to makethe aircraft 7 operational in view of a new departure, said portion ofthe ramp 7 comprises a rotating platform 71 capable of receiving anaircraft 6 and of making it pivot by around 180 degrees to position thecockpit in the direction of the shield 8. Likewise, to make it possiblefor said aircraft 6 to be moved by using the reactors thereof, theinternal façade 91 of the boarding zone 9 will be reinforced to resistthe mechanical and thermal stresses caused by the thrust of saidreactors.

The secure terminal 1 advantageously comprises a car park for landvehicles integrated in the building 2, preferably on the ground floor ofthe latter. This architectural configuration is particularly useful, asit makes it possible to intrinsically guarantee the securing and theprotection of said land vehicles, but also the confidentiality ofarrivals and departures by land, as the rising and descending ofvehicles are carried out even inside the building 2.

In addition, it is understood that the V-shape of the building 2 of thesecure terminal 1 according to the invention ensures a perfectmodularity of the latter. Indeed, this symmetrical geometric shape makesit possible, according to needs, for the adaptation of receivingsurfaces and car parks (branches 3 and ramp 7). Likewise, this V-shapeis particularly suitable for a multiplication of corolla-shapedbuildings 2 (see FIG. 3).

In reference to FIGS. 4 and 5, in order to guarantee the utilisation intotal security of aircraft 6 in winter periods or in geographical zoneswith a harsh climate, the secure terminal 1 advantageously comprises anautonomous or semi-autonomous defrosting device 10, of which the aim isto make it possible to defrost and apply defrosting products on aircraft6 located on the ramp 7 in order to make them operational for a newdeparture. Said defrosting device 10 is directly controllable by alimited worker on the ground, or directly by the pilot in command of theaircraft 6 in question.

Furthermore, the defrosting device 10 makes it possible for a diffusionof defrosting or anti-frost product in a quantity that is just required,suitable for the geometry of the aircraft 6 to be treated and for theanalysis of icy surfaces or to protect them.

According to an embodiment represented in FIGS. 4 and 5, the defrostingdevice 10 is a stabilised, suspended system composed of a distributiontank 11, mobile along a cable 12 tense between the branches 3 of thebuilding 2 of the secure terminal 1. Said distribution tank 11 (cable12) is mobile, along a direction substantially perpendicular to saidcable 12, using two winding trolleys 13, each capable of being moved,according to a slide connection or sliding pivot, along the upper edgeof one of the internal façades of the branches 3 of the building 2.

Here, by “internal”, this means an element, for example, a façade, whichis located on the side of the ramp 7 and by “external”, an element whichis located on the opposite side.

Said distribution tank 11 is an electromechanical device containing adefined volume of defrosting and anti-frost products for one or moreaircraft. These products are delivered onto the surfaces of the aircraftto be treated using one or more buses, not represented in the figures,arranged at the final points of the circuits of managed products,conventionally, by solenoid valves and pumps not represented.

The winding trolleys 13 are mobile along the branches 3 of the building2 and comprise, for this purpose, one or more wheels 13 a or rollersengaging with a guide rail 14 secured to the upper edge of the internalfaçade of the associated branch 3. Furthermore, each winding trolley 13comprises a motorised hoist 13 b, of the winch/winding hoist type,making it possible to wind the cable 12 symmetrically in order to adaptthe actual length of said cable 12 to the geometry of the building 2 andto maintain, by resistant locking, the tension required in said cable12. The supply of winding trolleys 13 is advantageously provided by abrush-commutator assembly installed jointly on each winding trolley 13and on the associated guide rail 14.

Thus, with such a configuration, the distribution tank 11 is mobileaccording to at least two degrees of freedom in order to guarantee theprojection of products over all the surfaces of the aircraft to betreated. The first degree of freedom, referenced X in FIG. 4, is ensuredby the movement of the distribution tank 11 along the cable 12. Thesecond degree of freedom, referenced Y in FIG. 4, is provided by themovement of the cable 12 along the guide rails 14 using the movements ofeach of the motorised trolleys 13.

The distribution tank 11 is preferably autonomous in electrical power byembedding one or more interchangeable batteries and with semi-rapidrecharging, for example, of the Li-ion/Li—Po/Li—Fe at 1.5-2C maximum.

In addition, in order to ensure a precision of the treatment operationsagainst frost and to reduce losses of chemical melting products(defrosting agents) and preventative products (anti-frost agents), athird degree of freedom, along a vertical direction referenced Z in FIG.4, is provided. Thus, the distribution tank 11 is capable of being movedvertically with respect to the cable 12 using an extendible device 15composed of pulley-cable assemblies or actuators. The latter degree offreedom also makes it possible for a placing on the ground of thedistribution tank 11 for reloading products and changing batteries.

The defrosting device 10 is dedicated to the treatment of all aircraft 6taken care of by the secure terminal 1, said aircraft 6 going from thesmall private jet, such as for example a Cessna Citation Mustang, to themedium-haul of the type, for example, Boeing 737 or Airbus 320.Consequently, it is understood that all the surfaces cannot be directlycovered with defrosting or anti-frosting products by gravity. Thedistribution tank 11 is therefore equipped with one or more orientablebuses, making it possible for a projection of products on surfaces thatare difficult to access.

The defrosting device 10 is advantageously remote-controlled by a worker(operator on the ground or technical flight personnel, a pilot forexample, directly from the cockpit of the aircraft 6) either in manualmode, or more usefully, in automated mode. In the latter mode, all thatwill be needed, is for the worker to enter into the interface, thecoordinates in the space of the aircraft 6 to be treated, the physicalposition of the appliance in the treatment zone and the type of aircraft6, before triggering the launching order of the defrosting procedure.However, in needed, the worker can trigger controlling the return tofill the distribution tank 11 or trigger the emergency stop.

In order to guarantee the precision and the controlling of theoperations carried out, the distribution tank 11 is preferably equippedwith a camera, not represented, transmitting in real time, theoperations and the treated surfaces to the worker. This optionalequipment goes in the direction of quality, but also in the direction ofefficiency in terms of qualified labour required and time to reactivatethe aircraft 6.

The whole interest of this defrosting device 10 according to theinvention is understood. First, from an economic standpoint, the“closest” treatment of the surfaces according to the relative specificcoordinates of the aircraft 6 makes it possible to avoid anyover-wasting of defrosting or anti-frost products. Finally, theimplementation of the defrosting device 10 is rapid and requires reducedlabour for treatment and control operations.

The other aim of the secure terminal 1 is to ensure the physicalsecurity of the building, passengers and personnel. For this, theinfrastructure of the secure terminal 1 is composed of robust and provenhardware and software, but also, specifically developed hardware andsoftware.

Moreover, to guarantee the security of the secure terminal 1, the latteris organised in zones of different security levels, advantageously 6 ofthe latter, not represented in the figures:

-   -   HC ZONE: zones relating to placements outside of the control of        the secure terminal 1 (public zones or runways),    -   SC1 ZONE: zones relating to placements outside under the control        of the secure terminal 1 (car parks, road, etc.),    -   SC2 ZONE: zones relating to placements inside the secure        terminal 1 and reserved for members of personnel to which any        external person (visitors, passengers, etc.) has no access,    -   SC3 ZONE: zones relating to placements inside the secure        terminal 1 by which passengers transit (reception, lounges, open        spaces, etc.), these zones being separated into two segments:        national zone and international zone,    -   SC4 ZONE: zones relating to placements inside for managing        aircraft, these zones being protected by one-way doors        configured dynamically according to the specific flow to each        flight,    -   FO ZONE: zones relating to placements reserved to law        enforcement agencies and not accessible to passengers.

It is understood, that to pass from one zone to another, specificsecurity rules will be applied according to the entity which transits(personnel, passengers, law enforcement agencies, etc.), said securityrules being implemented by different means and equipment, notrepresented, and detailed below.

More generally, the SCi zones: SC1, SC2, SC3, etc. are zones relating toplacements outside and/or inside the secure terminal 1 under the controlof the latter.

Thus, to make it possible for a monitoring of all of the SCi zones (HCand FO zones not being covered for legal reasons), a CCTV system,advantageously high-definition, is implemented in the secure terminal 1.

Said video surveillance system preferably comprises fixed cameras andpanoramic cameras to monitor zones with a broad spectrum (aircraftspace, open space, etc.). These cameras are advantageously of the IPcamera type, i.e. a camera using the Internet protocol to transmitimages and control signals via a rapid connection of the Ethernet type,and preferably have at least the following characteristics: generationof High-Definition flow (1080P) at 30 images per second, optical zoom ×5only requiring a luminosity level of 0.3 LUX.

Communications between said cameras and video servers are encryptedusing a protocol for securing exchanges, of the Transport Layer Securitytype (TLS) or similar, each camera thus having its own identificationkey. Said communications are achieved through a dedicated internalcommunication network and transit by optical fibre or equivalent inorder to remove any risk of electromagnetic interception.

Moreover, the images produced by the cameras of the video surveillancesystem are transmitted in real time to the security control station (CS)of the secure terminal 1 with secure access and control locatedpreferably in an SC2 zone.

The cameras are preferably placed in tinted or clear glass domes toavoid any circumvention or analysis of the functioning thereof.

Said video surveillance system also comprises an internal technicalinfrastructure located in the SC2 zone and with secure and controlledaccess and equipped with IT servers making it possible to store all ofthe videos for a minimum duration of 2 years.

The video surveillance system furthermore has a system for detectingmovement and facial recognition making it possible to trigger an alarmin case, for example, of not respecting the zones such that, forexample, an unknown person being detected in the SC2 zone.

To complete the video surveillance system, a network of thermal cameras,not represented in the figures, is advantageously implemented in thedifferent zones. Thus, in the N1 zone, these thermal cameras make itpossible for the detection of movements over non-illuminated placementsor not benefiting from a sufficient luminosity during the night.Likewise, in the SC2 and SC3 zone, these thermal cameras are used at thelevel of access to the terminal (SC2 for employees, SC3 for passengers)to non-intrusively detect any equipment which could be dissimulated invehicles or clothes.

According to a preferred configuration, said thermal cameras have arange of 150 metres, diffuse a video stream at least of VGA quality at30 images per second secured by the TLS protocol and have a level ofsensitivity of less than 70 mK.

Moreover, the secure terminal 1 according to the invention is alsoequipped with several X-ray scanners used as follows:

-   -   a scanner dedicated to checked-in luggage and placed at the        level of the shield of vehicle arrivals;    -   a scanner made available to law enforcement agencies at the        level of the main access to aircraft, whether for arrivals or        departures;    -   a scanner dedicated to hand luggage and placed at the level of        the shield of pedestrian arrivals;    -   a scanner dedicated to goods, both for passengers and for the        terminal;    -   a scanner dedicated to the entry of personnel with metal        detection gate.

Ultrasound technology is also used within the secure terminal 1according to the invention for monitoring aircraft, it will be detailedabove.

Finally, the secure terminal 1 also comprises transit shields at thelevel of the passage from the N1 zone to the SC3 zone, the latter beingconfigurable, defined and adapted according to needs: real time and/orplanning.

With such a configuration, the security of passengers is mainly ensuredby all equipment of the secure terminal 1 described above and used toensure the security of the terminal, but also by a set of operationalprocesses.

Thus, access to the internal zones of the secure terminal 1 (SC2 to SC4)is only authorised after the passage by a shield wherein a certainnumber of verifications are made. These actions make it possible toguarantee the security of other passengers but also members of thepersonnel.

-   -   Eligibility of the passenger;    -   Passage under X-ray of checked-in luggage;    -   Passage under X-ray of hand luggage;    -   Passage under infrared of the passenger.

To guarantee the security of goods within the secure terminal 1, asystem for managing containers is provided, making it possible, inparticular, to route, into secure containers, not only goods, but alsochecked-in luggage, in order to guarantee the integrity of the contentthereof from the departure point thereof to the arrival point thereof,these secure containers having an electronic lock functioning based on acode with at least six figures which must be entered on the keypad ofthe container(s).

Thus, to each flight of an aircraft 6, is associated a unique closingcode and a unique opening code according to the following method:

-   -   at the time of the departure, the system for managing containers        generates two unique codes: a closing code which is transmitted        to the member of the personnel responsible for checked-in        luggage (and possibly for the member of the personnel        responsible for goods if processed in a different flow) and an        opening code automatically printed on a delivery slip which is        given to a member of flight personnel or to the pilot by a        member of reception personnel;    -   on arrival, the system for managing containers generates two        unique codes: a closing code printed automatically on a handling        slip given to a member of flight personnel or to the pilot by a        member of reception personnel and an opening code which is        transmitted to the member of personnel responsible for the        transport of goods.

Once the container is closed, it can no longer be opened and, onceopened, it can no longer be closed. In case of goods being omitted, anew container must compulsorily be provided, no failover code beingpossible.

However, if necessary, it is possible to generate a second opening codeand to transmit it, only on request of the authorities, if these want tocarry out verifications of goods contained in a container. This code isonly valid one single time, the locking is automatic after the closingof verified goods.

The device for generating codes associated with the system for managingcontainers is based on the three following technologies:

-   -   known SIM/SAM technology making it possible for the integration        of a unique electronic chip in each container (SIM: Subscriber        Identity Module) and the use of a unique generator on the        servers (SAM: Secure Access Module), all of the cryptographic        calculations being made within the microprocessors contained in        said chips, no security key therefore being exposed;    -   key diversification technology using block encryption algorithms        according to a Feistel network;    -   a code calculation protocol based on OTP technology (One Time        Password).

Outside of physical security, the anonymity of passengers forms anintegral part of the concept of the secure terminal 1 according to theinvention. This anonymity of passengers, which is protected by theimplementation of the shield 8 joining the free ends of the branches 3of the building 2, is also possible using the technical andorganisational methods implemented.

First, video surveillance images are fully recorded on secure servers ofthe video surveillance system, but are restored on the control screensof the security CS with an automatic masking of faces based on facialrecognition technology, based for example, on the “Eigenface” methodwhich uses a set of specific vectors in order to resolve the problem ofrecognising the human face. Said masking is synchronised with thedatabase relating to the employees of the secure terminal 1, such thatall unknown faces, i.e. not listed in said database, are automaticallymasked. However, this masking method is only applied for zones beyondN1.

In addition, arrivals and departures are carried out by transit zoneswhich are dedicated to each flight. Thus, the passengers of two flightscannot physically cross, except for in shared spaces of the client doesnot benefit from a private transit space, said private transit spacesmaking it possible for passengers to be isolated from other passengersfrom their vehicle to their aircraft.

Outside of these aspects, in order to guarantee passengerconfidentiality, employees are not authorised to have their mobiletelephone or personal camera beyond the SC2 zone. Communicationequipment which is thus made available to employees, does not make itpossible to make calls outside or to take photos.

The secure terminal 1 is also configured to guarantee the securitylinked to the personnel, the latter being ensured by the followingequipment and procedures:

-   -   a specific recruitment procedure;    -   an access lock for the entry of personnel with systematic        passage through security gates, advantageously X-rays and metal        detectors;    -   a biometric authentication for controlling access to workspaces;    -   a limitation of personal items which could be present in the        internal zones of the secure terminal;    -   a limitation of communication means with the exterior;    -   a unique secure and personalised badge to each employee required        for any movement in the secure terminal 1.

In addition, in order to avoid any risk linked to the undesirableintrusion of potentially dangerous objects or products, at each arrival,employees are confined in a locker room having reinforced walls wherethey must leave any personnel item and dress in their professionaluniform, except for administrative employees having a specificaccreditation. Then, they must pass under a metal detection gate and canrandomly form the subject of a control by analysis of dangerous product.Each employee has an electronic badge wherein they must insert theirchipcard described below. This badge will make it possible for employeesto be automatically recognised in different zones of the secure terminal1 and to be authenticated without having to attach it on a reader. Toaccess the terminal, the employees use a one-way access lock for onesingle passage which is dedicated to them. To enter, as to exit, theymust present their chipcard on a reader and be authenticated with theirfingerprint (N1 zone to SC2 zone). To pass from one zone to another,each employee must be identified via a biometric or facialauthentication.

To this end, biometric print sensors used to authenticate the employeesintegrate numerous technologies to guarantee the non-falsification of aprint such as:

-   -   contactless optical reader;    -   fake finger and human finger detection;    -   joint integration of the vein network;    -   native encryption of fingerprints;    -   no local storage of prints.

In addition, the prints are not stored in a central system, but in thechipcards of employees. Furthermore, the correspondence is made twice,once on the chipcard of the employee and once on the reader. Thisapproach makes it possible to use two different trusted third parties.

To be able to be identified within the secure terminal 1, each employeeof the personnel preferably has at least:

-   -   one secure personal chipcard;    -   one electronic badge to keep it on them;    -   an internal communication means, if necessary;    -   a digital tablet in order to be able to access the information        system.

Said chipcard provided to each employee responds to the EAL securitycertification (Evaluation Assurance Level), level 5+ at least. Theenrolment thereof is very secure, since once delivered, this personalchipcard cannot be modified. Said chipcard contains at least thefollowing encrypted data:

-   -   digital images of the face (colour, black and white and        infrared) of the employee;    -   the fingerprints of the fingers of the two hands;    -   the vein print of the two hands;    -   the standard identity information of the employee: surname,        forename, role, duration of employment contact at least.

The chipcard can only be programmed in the presence of the HumanResources Director and the Security Director of the secure terminal 1.The chipcard of these two persons has a specific profile since each ofthem contains a third of the encryption key necessary for the enrolmentof cards of other employees. Thus, secrets are distributed overdifferent supports and are not held by any single system or person. Toaccess these keys, the holder must be identified by their fingerprint.

To communicate with the contactless reader or the biometric reader, thechipcard establishes a secure communication channel avoiding attacks bylistening to flows. To do this, the chipcard uses SIM/SAM technology,itself being comprised of SIM and each item of authentication equipmenthaving a SAM.

The electronic badge is obligatory for each employee. It integrates theunique SIM/SAM security mechanism and is composed:

-   -   of a placement for the chipcard (SIM);    -   of a security component (SAM);    -   of an electronic ink touchscreen displaying a numeric keypad        before activation and the surname, forename, role of the        employee after activation;    -   of a long-range RFID (Radio Frequency Identification) radio        frequency interface;    -   of a wireless communication interface of the Bluetooth Low        Energy (BLE) 4.2 type or similar.

To activate the badge, the employee must insert their chipcard in thebadge and enter their personal identification code PIN (PersonalIdentification Number). For clear security reasons, at the end of 3erroneous PIN codes, the card will be definitively blocked and a newcard must be created.

Each badge has a transponder making it possible to localise it at anytime in the secure terminal 1, but also to remotely block it. Eachemployee, according to their role, is authorised to access certain zonesonly, if the latter is detected in an unauthorised zone, an alert isemitted to the security CS and their accreditations will thus betemporarily blocked.

The badge is not authorised to exit the secure terminal 1. Consequently,if it is activated outside of the normal zone of use thereof or withouta valid employee card, all of the data that it contains areautomatically destroyed to avoid any “reverse engineering”: activityconsisting of studying an object to determine the internal functioningthereof or the production method and the secrets thereof.

With personal telephones not being authorised inside the secure terminal1, employees have secure and restricted communication means making itpossible for them to only communicate with the other members of thepersonnel or possibly the authorities.

Thus, several secure communication means are made available to thepersonnel: telephone, smartphone, or also, Walkie-Talkie.

Each of these communication means is associated with an employee. It isunlocked by a personal code, but also by the presence in the near field,of their badge, which must be activated.

Moreover, these communication means make it possible for access to theplatforms for managing the secure terminal 1 and have several securitymechanisms.

Thus, the communication means are unlocked automatically if the holdingemployee moves away or if the badge of said employee is deactivated(battery problem, removal of the card, etc.). Likewise, thecommunication means are automatically blocked, localised and their datadeleted if it is illuminated outside of the geographical functioningzone thereof.

Furthermore, the secure terminal 1 ensures the security of aircraft 6from the time when they are in the SC4 zone, i.e. in the hangars 5 or onthe ramp 7. This security is ensured by several security means which arenon-intrusive and require no equipment inside or on the appliance. Thesesecurity means of aircraft 6 comprise at least one video surveillancedevice, a perimeter detection device and the control of appliances usedover the SC4 zone.

The video surveillance device makes it possible to cover each aircraft,or group of aircraft by, on the one hand, a monitoring of it all usingpanoramic camera and, on the other hand, a local monitoring by camerasoriented specifically on specific placements such as, for example,access gates, check-in, etc.

From the time when an aircraft 6 is entered into the SC4 zone of thesecure terminal 1, it thus has one of the following statuses:

-   -   in movement: the aircraft 6 is in the SC4 zone of the secure        terminal 1, it is thus identified by the serial number thereof        which is recorded as “authorised” until the departure thereof;    -   parked, in activity: only the movement of the aircraft 6        triggers an alert;    -   parked, isolated: all the movements of the aircraft 6 itself,        but also in the proximity, triggers an alert.

In all scenarios, if the video surveillance device is no longer able tolocalise the aircraft 6, for example by using optical recognition basedon the serial number thereof, an alert is sent.

The secure terminal is equipped with a perimeter detection device, fixedor mobile, specifically designed. The latter makes it possible to coverand to manage all types of detections not covered by the videosurveillance device described above.

Each perimeter detection device preferably comprises at least fourentities, each having at least one emitter and an orientable laser beamreceiver, two miniature directional cameras, a directional infraredemitter, a directional ultrasound emitter, a wireless connection to thesupervision system and a manual or autonomous manual configurationsystem.

For each aircraft 6 of group of aircraft 6, the four entities are placedaround the zone to be monitored and connected to one another to createone single and unique perimeter detection logical entity.

An alert is thus triggered if at least one of the following events isproduced:

-   -   the laser beam connecting the entities to one another is broken;    -   one of the cameras observes a movement over the specific        placement that it targets;    -   the infrared system detects a mass;    -   the ultrasound system detects a resonance change.

For basic aircraft 6, the perimeter detection device is positioneddirectly in the ground of the secure terminal 1, for the other aircraft6, it is mobile and comprises removable feet.

The perimeter detection device can be activated and deactivated bymembers of the personnel of the secure terminal 1 authorised to work onthe aircraft 6, only if an intervention order has been notified.

The secure terminal 1 is furthermore equipped with heavy equipment suchas, for example, towing vehicles or escalators. The latter are allequipped with an electronic start system controlled by the badge of theemployee and also using SIM/SAM technology. Said badge thus plays therole of SIM and the SAM module is integrated into each item of heavyequipment. Moreover, access to said items of heavy equipment is onlyauthorised for employees having the required qualification. To starteach item of heavy equipment, the employee must furthermore achieve abiometric authentication. This authentication will remain valid if theemployee remains at a reasonable distance from said equipment, in thecase on the contrary, to be able to restart the equipment, the employeemust again be authenticated. In any case, the movement of said heavyequipment is only authorised if the authenticated employee is actuallylocated on board.

To guarantee the security of the communication protocols, the secureterminal 1 advantageously uses contactless communication by radiofrequency, RFID, the latter preferably using the 13.56 Megahertzfrequency band. However, like any contactless radio communication, aperson with a bad intention can listen to these communications usingspecialised equipment. It is therefore essential to resolve the securityproblem intrinsically linked to this type of communication. For this,all communications between the chips and the readers are advantageouslyconform with the GlobalPlatform Card Specification 2.2.1. standard andto the amendments thereof for the establishment of a secure SCP11-typechannel (Secure Communication Protocol).

The complementary integration of a mutual authentication mechanism(SIM/SAM) guarantees not only the security, but also the integrity ofthe data exchanged.

Likewise, the secure terminal 1 advantageously uses, for communicationsbetween the badges and the peripherals, the communication protocol byradio frequency BLE 4.2 using the 2.4 Gigahertz frequency band, thelatter being a communication protocol intended mainly to the objectsconnected for which the need despite data transmission being low andvery economical regarding electric consumption. However, like anycontactless protocol, it can be listened to by specialised equipment. Toresolve the security problem intrinsically linked to the communicationby radio frequency, all the communications between the badges and theperipherals are preferably encrypted by Elliptic Curve Cryptography(ECC), of the ECC256 type based on derived points specific to the secureterminal 1. In addition, to avoid spoofing of physical IDs, called MAC(Media Access Control) addresses, the badges implement the IRK (IdentityResolvable Key) protocol.

POSSIBILITY FOR INDUSTRIAL APPLICATION

The secure terminal 1 according to the invention is more specificallyintended for the aerial transport for businesspersons, but it can alsobe considered for the aerial transport of conventional passengers or forland or sea transport.

Finally, it goes without saying, that examples of the secure terminal 1according to the invention which has just been described are onlyspecific illustrations, in no case limiting of the invention.

The invention claimed is:
 1. A secure terminal for the aerial transportof passengers of a technical and operational infrastructure which makesit possible to ensure the physical security of the building, aircraft,goods, passengers and flight, technical and administrative personnel,and the confidentiality of passengers and their goods, said secureterminal comprising: at least one building having a horizontal V-shapedsection, the horizontal V-shaped section comprising two branchesextending from a mid-zone to a free-end, each branch comprising parkinghangars for aircraft and an uncovered central zone between the twobranches, called a “ramp”, arranged to make it possible for the handlingand parking of aircraft, the ramp being physically isolated from anexterior environment of the secure terminal by a barrier, named“shield”, the shield joining the free ends of the branches thus forminga secure enclosure, the shield also participating in preserving theconfidentiality of boarding, disembarking and loading, unloadingmovements of aircraft parked on the ramp.
 2. The secure terminalaccording to claim 1, wherein the portion of the ramp arranged in theimmediate proximity of the mid-zone is covered and constitutes theboarding zone likely to receive at least one aircraft and making itpossible for the boarding/disembarking of passengers, crews and clientsand the loading/unloading of goods and loads out of bad weather orsunshine and in particular, out of invasive outside views.
 3. The secureterminal according to claim 2, wherein said portion of the rampcomprises a rotating platform configured to receive an aircraft andpivot by around 180 degrees to position the cockpit in the direction ofthe shield, wherein an internal façade of the boarding zone isreinforced to resist mechanical and thermal stresses caused by thrust ofone or more reactors of an aircraft.
 4. The secure terminal according toclaim 1, further comprising an autonomous or semi-autonomous defrostingdevice for defrosting and applying defrosting products on the aircraftlocated on the ramp in order to make the operational for a newdeparture, said defrosting device being controllable directly by aworker or directly by a pilot in command of the aircraft.
 5. The secureterminal according to claim 4, wherein the defrosting device is astabilised suspended system composed of a distribution tank equippedwith one or more buses, mobile along a cable tense between the branchesof the building of the secure terminal, said distribution tank/cableassembly being mobile, along a direction substantially perpendicular tosaid cable using two winding trolleys configured to move along an upperedge of one of the internal façades of the branches of the building. 6.The secure terminal according to claim 5, wherein the distribution tankis capable of being moved vertically with respect to the cable using anextendible device.